Date agreed: November 2024
Agreed by: Sustainable Amersham Board of Trustees
Last reviewed: November 2024
Next review due: November 2026
Policy aim and review
This policy aims to show how Sustainable Amersham, as a data controller:
- Ensures that any data collected is kept for the minimum period necessary and then deleted.
- Provides the necessary information to enable people to meet their data retention responsibilities.
- Delivers good practice in data standards.
- Outlines our commitment to protect personal data.
The policy links closely to the Sustainable Amersham Privacy Notice.
This policy will be reviewed every two years, or more regularly if there is a change in the law or an internal event that requires a review.
Commitment to data protection
The tables below show what data we collect, why we retain it and when we delete it.
Data collected | Retention period | Reason for retention period |
Email correspondence with Sustainable Amersham via the hello@sustainableamersham.org Account (data: name, email address, any data in emails) | 2 years (emails 2 years old or older will be deleted at the start of each calendar year). | Maintaining membership; correspondence about Sustainable Amersham matters; reference to earlier correspondence |
Document or email showing consent to receive newsletter (data: name and email address) | Until member or support unsubscribes from newsletter or withdraws consent of next of kin informs us of death of member or supporter. | To ensure delivery of newsletter |
Risk acceptance forms (data: name, signature, consent to photos, consent for newsletter, emergency contact name and telephone number) | Emergency contact blacked out one week after event. Consent form XX months | To show consent for use of photos, deal with any potential insurance or liability questions, and meet insurance company requirements |
Tickets booked via Eventbrite (name, email address, amount paid). | Six years from the end of the financial year in which the donation was made | To comply with tax regulations (Charities Act/HMRC) |
Volunteer records (name, email, telephone number, any health conditions that could affect volunteering, emergency contact, signature) | One year after volunteering ends | To manage volunteering and be able to deal with any queries post volunteering |
Correspondence regarding donations | Six years from the end of the financial year in which the donation was made | To comply with tax regulations (Charities Act/HMRC) |
Gift Aid declarations | Six years from the end of the financial year in which the donation was made | To comply with tax regulations (Charities Act/HMRC) |
Incident reports and accident books | Three years after last entry or end of investigation, if later | The Reporting of Injuries, Diseases and Dangerous Occurences Regulations 1995 |
Photos of individuals or groups | Photos three years old or older will be deleted at the start of the calendar year. Any photos used in reports or on social media will not be deleted. | To use in publications and in social media to show what we do. All photos require written consent. |
Repair Café intake forms | Forms one year or older will be deleted at the start of the calendar year. | To manage any questions after repairs have taken place or any items brought back for further repair. |
Trustee details (name, address, signature, email address, telephone number) | Permanently | Charities Act |
Information about contractors (CV, name, address, telephone number, bank details, DBS certificate, signature, invoice) | Six years after the end of the financial year in which the work was implemented. DBS information – one year after the activity takes place. | Charities Act |
Names, initials and personal interventions made in supporter meetings | All meeting notes 3 years or older will be deleted at the start of the calendar year | To manage the charity and refer to decisions and suggestions made |
Names, intials and personal interventions made in Trustee meetings | Permanently | To comply with Charities Act regulations |